While we’ve already discussed the new maintenance release for OroCRM Community Edition (CE) and Enterprise Edition (EE), we, at Oro, are excited to announce the addition of new security improvements for our upcoming versions of OroCRM.
Benefits of the new security improvements
Adhering to security best practices, the upcoming improvements will increase data protection and further eliminate any chance of a data breach. With a new set of tools fully available to OroCRM EE users, administrators will have more control over security at different levels, allowing them to safeguard sensitive data from intruders in multiple ways. For instance, admins will be able to:
- Set strong password rules
- Request mandatory password changes over a certain period of time
- Change multiple user account passwords in bulk
- Perform automatic user account deactivations when suspicious logins are detected
- Enable two-factor user authentication via email
Take a closer look at these new features in order to see how they can benefit your business.
Strong password request (CE and EE)
Customize the rules and restrictions for user-generated passwords
One of the most basic but important ways to increase security is to use highly secure passwords that cannot be cracked or guessed. To ensure this happens, this enhancement lets admins specify safe password criteria that users must follow when creating a new password. For instance, they can set the minimum number of characters allowed or make the use of uppercase, special characters, and numbers obligatory. A user will see a message informing them of the strong password prerequisites as they change.
Mandatory periodic password changes (EE)
Enforce mandatory periodic password changes in order to increase security.
Requiring that users change their passwords at regular intervals is another simple, but very effective way to increase security. Using this feature, it will now be possible for administrators to specify how often users must change their password (e.g., after x number of days, once a week, once a month, and so on). If a user keeps their old password after the deadline, it will automatically reset after their last notification email. In order to further ensure that the user creates a secure password, administrators can also request that their new password is entirely different from any they have used previously.
Mass reset of user passwords (EE)
Quickly reset passwords for every system user at once.
Not only is changing multiple user account passwords in bulk and across multiple computers convenient, but it also lets administrators swiftly handle a suspected password leak issue in case there is an emergency.
Automatic user deactivation in case of suspicious login attempts (EE)
Limit the number of failed login attempts to prevent intruders from guessing password
A basic but often effective strategy of breaking into an account is to simply make multiple attempts at logging in. This feature guards against this by limiting the number of times a user can try. After the first unsuccessful login, the system displays a message with the number of attempts remaining. If the user fails to enter the correct information in time, their account is automatically deactivated.
Two-factor user authentication via email (EE)
Enable two-factor authentication either for the system or for an organization.
Two-factor authentication provides an additional level of user identification (usually something simple, such as a security code) beyond the regular account login. It works by detecting when a user logs in from a location not recognized by the system, such as an unknown IP address, an unusual browser, or a new device. The system then sends them an auto-generated authentication code to their email that they must enter to login. If the user does not enter in this code for some reason, it will auto-expire over a configurable period of time.
When will the new features be available?
These security features will be available in the upcoming release! Stay tuned for our official release date and even more exciting announcements on our community blog.
As always, we look forward to your feedback and comments in our forums. Thank you!